TechBizWebTechBizWeb

    Subscribe to Updates

    Get the latest news about Technology and Business from all around the web..

    What's Hot

    Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

    November 7, 2022

    Ryanair swings to first-half profit and raises passenger forecast

    November 7, 2022

    Devialet brings its sci-fi design aesthetics to a $790 portable speaker

    November 7, 2022
    Facebook Twitter Instagram
    • About Us
    • Privacy Policy
    • Guest Post
    • Terms
    • Contact
    Facebook Twitter Instagram
    TechBizWebTechBizWeb
    Subscribe
    • Home
    • Technology

      Amazon says it has ‘hundreds’ of Rivian electric vans making deliveries in the US

      November 7, 2022

      Devialet brings its sci-fi design aesthetics to a $790 portable speaker

      November 7, 2022

      Elon Musk’s response to fake verified Elon Twitter accounts: a new permanent ban policy for impersonation

      November 7, 2022

      The iPhone 14 Pro and Pro Max will come with ‘longer wait times’ due to factory lockdown

      November 6, 2022

      Meta’s reportedly planning to lay off ‘thousands’ of workers this week

      November 6, 2022
    • Business
    • Cyber Security
      National Security News

      List of 620 Russian spies, featuring one alleged agent at the centre of one of the biggest personal scandals in Wall Street history.

      September 24, 2022

      Cybersecurity ranked most serious enterprise risk in 2022

      August 31, 2022

      Registration open for CISA virtual summit on K-12 school safety

      August 31, 2022

      What do the Trickbot leaks reveal about Russian cybercrime?

      August 31, 2022

      What cybersecurity measures do CISOs outsource?

      August 30, 2022
    • Blockchain
    • Vulnerabilities
    • Social Engineering
    • Malware
    • Cyber Security Alerts
    TechBizWebTechBizWeb
    Home»Cyber Security»WordPress 5.1.1 Patches Remote Code Execution Vulnerability
    Cyber Security

    WordPress 5.1.1 Patches Remote Code Execution Vulnerability

    March 14, 2019Updated:March 14, 2019No Comments3 Mins Read
    Facebook Twitter Pinterest LinkedIn Tumblr WhatsApp
    Share
    Facebook Twitter LinkedIn Pinterest Email


    WordPress this week addressed a vulnerability that could allow an unauthenticated attacker to execute code remotely and take over vulnerable websites. 

    The vulnerability impacts the manner in which comments are filtered and then stored in the database, and any WordPress installation prior to version 5.1.1 with comments enabled is vulnerable.

    To exploit the vulnerability, an attacker would have to trick the site administrator to visit a domain to trigger a cross-site request forgery (CSRF) exploit in the background. The exploit leverages a series of logic flaws and sanitization errors to execute code and take over the target site, Simon Scannell of RIPS Technologies explains. 

    The vulnerability is exploitable with default settings and, with most WordPress installations having comments enabled, millions of websites are likely impacted, the security researcher says. 

    The core of the problem, Scannell explains, is that WordPress doesn’t perform CSRF validation when a user posts a new comment (features such as trackbacks and pingbacks would break if validations were in place), which allows an attacker to create comments in the name of administrators. 

    Given that administrators are allowed to use arbitrary HTML tags in comments, even